2202 if (is_protected_access(current_class(), ref_class_oop, field_name,
2203 field_sig, false)) {
2204 // It's protected access, check if stack object is assignable to
2205 // current class.
2206 is_assignable = current_type().is_assignable_from(
2207 stack_object_type, this, CHECK_VERIFY(this));
2208 if (!is_assignable) {
2209 verify_error(ErrorContext::bad_type(bci,
2210 current_frame->stack_top_ctx(),
2211 TypeOrigin::implicit(current_type())),
2212 "Bad access to protected data in getfield");
2213 return;
2214 }
2215 }
2216 break;
2217 }
2218 default: ShouldNotReachHere();
2219 }
2220 }
2221
2222 void ClassVerifier::verify_invoke_init(
2223 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2224 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2225 constantPoolHandle cp, TRAPS) {
2226 u2 bci = bcs->bci();
2227 VerificationType type = current_frame->pop_stack(
2228 VerificationType::reference_check(), CHECK_VERIFY(this));
2229 if (type == VerificationType::uninitialized_this_type()) {
2230 // The method must be an <init> method of this class or its superclass
2231 Klass* superk = current_class()->super();
2232 if (ref_class_type.name() != current_class()->name() &&
2233 ref_class_type.name() != superk->name()) {
2234 verify_error(ErrorContext::bad_type(bci,
2235 TypeOrigin::implicit(ref_class_type),
2236 TypeOrigin::implicit(current_type())),
2237 "Bad <init> method call");
2238 return;
2239 }
2240
2241 // Make sure that this call is not jumped over.
2242 if (bci < furthest_jump()) {
2243 verify_error(ErrorContext::bad_code(bci),
2244 "Bad <init> method call from inside of a branch");
2245 return;
2246 }
2247
2248 // Make sure that this call is not done from within a TRY block because
2249 // that can result in returning an incomplete object. Simply checking
2250 // (bci >= start_pc) also ensures that this call is not done after a TRY
2251 // block. That is also illegal because this call must be the first Java
2252 // statement in the constructor.
2253 ExceptionTable exhandlers(_method());
2254 int exlength = exhandlers.length();
2255 for(int i = 0; i < exlength; i++) {
2256 if (bci >= exhandlers.start_pc(i)) {
2257 verify_error(ErrorContext::bad_code(bci),
2258 "Bad <init> method call from after the start of a try block");
2259 return;
2260 }
2261 }
2262
2263 current_frame->initialize_object(type, current_type());
2264 *this_uninit = true;
2265 } else if (type.is_uninitialized()) {
2266 u2 new_offset = type.bci();
2267 address new_bcp = bcs->bcp() - bci + new_offset;
2268 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2269 /* Unreachable? Stack map parsing ensures valid type and new
2270 * instructions have a valid BCI. */
2271 verify_error(ErrorContext::bad_code(new_offset),
2272 "Expecting new instruction");
2273 return;
2274 }
2275 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2276 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2277
2278 // The method must be an <init> method of the indicated class
2279 VerificationType new_class_type = cp_index_to_type(
|
2202 if (is_protected_access(current_class(), ref_class_oop, field_name,
2203 field_sig, false)) {
2204 // It's protected access, check if stack object is assignable to
2205 // current class.
2206 is_assignable = current_type().is_assignable_from(
2207 stack_object_type, this, CHECK_VERIFY(this));
2208 if (!is_assignable) {
2209 verify_error(ErrorContext::bad_type(bci,
2210 current_frame->stack_top_ctx(),
2211 TypeOrigin::implicit(current_type())),
2212 "Bad access to protected data in getfield");
2213 return;
2214 }
2215 }
2216 break;
2217 }
2218 default: ShouldNotReachHere();
2219 }
2220 }
2221
2222 // Make sure that all switch alternatives end in 'athrow' bytecodes.
2223 // Since it could be difficult to determine where each switch alternative
2224 // ends, parse each switch alternative until either hit a 'return', 'athrow',
2225 // or reach the end of the method's bytecodes. This is gross but should be
2226 // okay because:
2227 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2228 // constructor invocations should be rare.
2229 // 2. if each switch alternative ends in an athrow then the parsing should be
2230 // short. If there is no athrow then it is bogus code, anyway.
2231 bool ClassVerifier::switch_athrows(Bytecodes::Code opcode, RawBytecodeStream* bcs) {
2232 assert(opcode == Bytecodes::_lookupswitch || opcode == Bytecodes::_tableswitch,
2233 "Bad opcode");
2234 int bci = bcs->bci();
2235 address bcp = bcs->bcp();
2236 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
2237 u4 default_offset = Bytes::get_Java_u4(aligned_bcp);
2238 u4 code_length = method()->code_size();
2239 int keys, delta;
2240 if (opcode == Bytecodes::_tableswitch) {
2241 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2242 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2243 // This is invalid, but let the regular bytecode verifier
2244 // report this because the user will get a better error message.
2245 if (low > high) return true;
2246 keys = high - low + 1;
2247 delta = 1;
2248 } else {
2249 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2250 delta = 2;
2251 }
2252
2253 // This is invalid, but let the regular bytecode verifier
2254 // report this because the user will get a better error message.
2255 if (keys < 0) return true;
2256
2257 if (default_offset + bci > code_length) return false;
2258 if (!ends_in_athrow(default_offset + bci, code_length, false)) return false;
2259
2260 for (int i = 0; i < keys; i++) {
2261 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2262 if (target > code_length) return false;
2263 if (!ends_in_athrow(target, code_length, false)) return false;
2264 }
2265
2266 return true; // All switch alternatives ended in a throw.
2267 }
2268
2269 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset, u4 end_bc_offset,
2270 bool reach_end_of_bc) {
2271 // Create bytecode stream.
2272 RawBytecodeStream bcs(method());
2273 bcs.set_interval(start_bc_offset, end_bc_offset);
2274 u4 code_length = method()->code_size();
2275 u4 target;
2276
2277 while (!bcs.is_last_bytecode()) {
2278 Bytecodes::Code opcode = bcs.raw_next();
2279 u2 bci = bcs.bci();
2280
2281 switch (opcode) {
2282 case Bytecodes::_if_icmpeq:
2283 case Bytecodes::_if_icmpne:
2284 case Bytecodes::_if_icmplt:
2285 case Bytecodes::_if_icmpge:
2286 case Bytecodes::_if_icmpgt:
2287 case Bytecodes::_if_icmple:
2288 case Bytecodes::_ifeq:
2289 case Bytecodes::_ifne:
2290 case Bytecodes::_iflt:
2291 case Bytecodes::_ifge:
2292 case Bytecodes::_ifgt:
2293 case Bytecodes::_ifle:
2294 case Bytecodes::_if_acmpeq:
2295 case Bytecodes::_if_acmpne:
2296 case Bytecodes::_ifnull:
2297 case Bytecodes::_ifnonnull:
2298 target = bcs.dest();
2299 if (target > bci) { // forward branch
2300 if (target >= code_length) return false;
2301 // scan bytecodes up to the target.
2302 if (!ends_in_athrow(bcs.next_bci(), target, true)) return false;
2303 bcs.set_next_bci(target);
2304 } else { // backward branch
2305 // Check the bytecodes between the branch target and the current offset
2306 if (!ends_in_athrow(target, bci, true)) return false;
2307 }
2308 break;
2309
2310 case Bytecodes::_goto:
2311 case Bytecodes::_goto_w:
2312 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2313 if (target > bci) { // forward branch
2314 if (target >= code_length) return false;
2315 return ends_in_athrow(target, code_length, false);
2316 } else { // backward branch
2317 // Check bytecodes between the branch target and the current offset.
2318 if (!ends_in_athrow(target, bci, true)) return false;
2319 }
2320 break;
2321
2322 case Bytecodes::_lookupswitch :
2323 case Bytecodes::_tableswitch:
2324 if (!switch_athrows(opcode, &bcs)) return false;
2325 break;
2326
2327 case Bytecodes::_return :
2328 return false;
2329
2330 case Bytecodes::_athrow :
2331 return true;
2332
2333 default:
2334 ;
2335 } // end switch
2336 } // end while loop
2337
2338 return reach_end_of_bc;
2339 }
2340
2341 void ClassVerifier::verify_invoke_init(
2342 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2343 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2344 constantPoolHandle cp, TRAPS) {
2345 u2 bci = bcs->bci();
2346 VerificationType type = current_frame->pop_stack(
2347 VerificationType::reference_check(), CHECK_VERIFY(this));
2348 if (type == VerificationType::uninitialized_this_type()) {
2349 // The method must be an <init> method of this class or its superclass
2350 Klass* superk = current_class()->super();
2351 if (ref_class_type.name() != current_class()->name() &&
2352 ref_class_type.name() != superk->name()) {
2353 verify_error(ErrorContext::bad_type(bci,
2354 TypeOrigin::implicit(ref_class_type),
2355 TypeOrigin::implicit(current_type())),
2356 "Bad <init> method call");
2357 return;
2358 }
2359
2360 // Make sure that this call is not jumped over.
2361 if (bci < furthest_jump()) {
2362 verify_error(ErrorContext::bad_code(bci),
2363 "Bad <init> method call from inside of a branch");
2364 return;
2365 }
2366
2367 // Check if this call is done from inside of a TRY block. If so, make
2368 // sure that all catch clause paths end in a throw. Otherwise, this
2369 // can result in returning an incomplete object.
2370 ExceptionTable exhandlers(_method());
2371 int exlength = exhandlers.length();
2372 for(int i = 0; i < exlength; i++) {
2373 u2 start_pc = exhandlers.start_pc(i);
2374 u2 end_pc = exhandlers.end_pc(i);
2375
2376 if (bci >= start_pc && bci < end_pc) {
2377 if (!ends_in_athrow(exhandlers.handler_pc(i), code_length, false)) {
2378 verify_error(ErrorContext::bad_code(bci),
2379 "Bad <init> method call from after the start of a try block");
2380 return;
2381 } else if (VerboseVerification) {
2382 ResourceMark rm;
2383 tty->print_cr(
2384 "Survived call to ends_in_athrow(): %s",
2385 current_class()->name()->as_C_string());
2386 }
2387 }
2388 }
2389
2390 current_frame->initialize_object(type, current_type());
2391 *this_uninit = true;
2392 } else if (type.is_uninitialized()) {
2393 u2 new_offset = type.bci();
2394 address new_bcp = bcs->bcp() - bci + new_offset;
2395 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2396 /* Unreachable? Stack map parsing ensures valid type and new
2397 * instructions have a valid BCI. */
2398 verify_error(ErrorContext::bad_code(new_offset),
2399 "Expecting new instruction");
2400 return;
2401 }
2402 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2403 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2404
2405 // The method must be an <init> method of the indicated class
2406 VerificationType new_class_type = cp_index_to_type(
|